<?php
require_once("inc.public.php");

if($_GET["select_lan"]) $_SESSION['lan'] = $_GET["select_lan"];
else $_GET["select_lan"] = "en";

$this_title=$vars["title"]." &raquo; ".__("Login");
$page_title=__("Account Login");
$content_title=__("Login");

$td_width=180;
$datetime=ndate($vars["system_date_format"]);

$return_url=$_GET["url"];
if($_POST["__log"]){
	if($_SESSION['security_code'] == $_POST['security_code'] && !empty($_SESSION['security_code'])){
		if(!$post_s["username"] || !$post_s["password"]){
		  	$errmsg.=__("Please provide your Username and and Password to login to your account.")."<br />\n";
		}else{
		  	if(!@mysql_num_rows($r=mysql_query("select * from $db->users where username='$post_d[username]'"))){
		   		$errmsg.=__("Invalid Username and / or Password.")."<br />\n";
		   		mysql_query("insert $db->login (username,password,cdate,ipaddress) values ('".$post_s["username"]."','".$post_s["password"]."','".$datetime."','".$_SERVER['REMOTE_ADDR']."')");
		  	}else{
			   	$user=mysql_fetch_assoc($r);
			   	$enc_pass=explode(":", $user["enc_password"]);
			   	$salt=$enc_pass[1];
				if(md5($post_s["password"].$salt)!=$enc_pass[0]){
				    $errmsg.=__("Invalid Username and / or Password.")."<br />\n";
				    mysql_query("insert $db->login (username,password,cdate,ipaddress) values ('".$post_s["username"]."','".$post_s["password"]."','".$datetime."','".$_SERVER['REMOTE_ADDR']."')");
		   		}else{
		   			mysql_query("insert $db->login (uid,username,password,cdate,ipaddress) values ('".$user["id"]."','".$post_s["username"]."','".$post_s["password"]."','".$datetime."','".$_SERVER['REMOTE_ADDR']."')");
		   		}
		  	}
		}
		 
		if(!$errmsg){
			if($user["status"]=="unverified"){
		   		$errmsg.=__("You have not verified your account yet and you cannot login to your account.")."<br />\n";
		  	}elseif($user["status"]=="suspended"){
		   		$errmsg.=__("Your account has been suspended and you cannot login to your account.")." ".__("Please contact us to find out the reason and the necessary steps to activate your account.")."<br />\n";
		  	}elseif($user["status"]=="terminated"){
		   		$errmsg.=__("Your account has been terminated and you cannot login to your account.")." ".__("Please contact us if you need further information.")."<br />\n";
		  	}else{
				mysql_query($sql="update $db->users set last_login2=last_login, last_login='$datetime' where id='$user[id]' limit 1");
			  	$_SESSION["uid"]=$user['id'];
			  	$_SESSION["dist_code"]=$user['code'];
			 	encrypt_user_login_sess_cookie($user['username'], $user['enc_password']);
			  	$forward_url=$return_url? $return_url : MEMBER_URL."/".$vars["file"]["member"]["index"];
			  	header("Location: $forward_url");
			  	exit();
		  	}
	 	}
	}else{
		$errmsg.=__("Sorry, you have provided an invalid security code.")."<br />\n";
	}
}

$errmsg=(strstr($_SERVER["QUERY_STRING"], "logged-out")? __("You need login to see this page.")."<br />\n".($errmsg? "<br />\n$errmsg" : "") : $errmsg);
$errmsg=$errmsg? format_err($errmsg) : "";

$form_fields=array("username"=>"", "password"=>"");
foreach($form_fields as $field => $default){
 $dis[$field]=!$posting? $default : $post_h[$field];
}

$jvscript=
"<script type='text/javascript' src='".JS_URL."/get_file_gzip.php?file=".urlencode("jquery.js")."'></script>
<script type='text/javascript'>
jQuery(document).ready(function(j){
 j('input#log_username').focus();
});
</script>";

$maintenance=mysql_result(mysql_query("select value from gg_settings where param='maintenance'"), 0) or 0;
if($maintenance=='y'){
	$maintenance_msg=mysql_result(mysql_query("select value from gg_settings where param='maintenance_msg'"), 0) or 0;
	$login="<table width='65%' height='169'  border='0' align='left' class='grey_bg'><tr><td>".format_err($maintenance_msg)."</td></tr></table>";	
}else{
	$login="<section class='main'><form class='form-4' name='login_form' method='post' action='$this_file".($_SERVER["QUERY_STRING"]? "?$_SERVER[QUERY_STRING]" : "")."'><input type='hidden' name='__log' value='1' />
	        ".($errmsg ? $errmsg : "")."
	        <h1>".__("Login")."</h1>
            <p>
                <label for='login'>".__('Username')."</label>
                <input name='username' id='log_username' type='text' class='grey_bg' size='40' placeholder='".__('Username')."' />
            </p>
            <p>
                <label for='password'>".__('Password')."</label>
                <input name='password' type='password' class='grey_bg' size='40'  placeholder='".__('Password')."' />
            </p>
            <p>
                <img src='captcha/CaptchaSecurityImages.php?width=100&height=40&characters=5' /><br>
                <input name='security_code' id='security_code' type='text' class='grey_bg' size='18' placeholder='".__('Captcha')."' />
            </p>
            <p>
                <input name='Submit' type='submit' onclick=\"this.disabled=true; this.value='".__('Wait...')."'; this.form.submit();\" class='black_bg' value='".__('Login')."' />
                <input type='button' onclick=\"parent.location='forgot_password.php'\" value='".__('Forgot Password')."'>
            </p>
          </form></section>";
}
	
$content="<h2>$page_title</h2>".$login;
$content=$login;

print format_public_page($content, $this_title, $content_title, $jvscript);
?>